CVE-2005-2619

Published: Dec 31, 2005Modified: Apr 16, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a .. (dot dot) in the filename, which is not properly handled when generating a preview.

Affected (14)

Products: Autonomy: Keyview Export Sdk, Keyview Filter Sdk, Keyview Viewer Sdk · Ibm: Lotus Notes

3 products

Keyview Export Sdk

Keyview Filter Sdk

Keyview Viewer Sdk

1 product

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Autonomy Keyview Export Sdk	All versions
Autonomy Keyview Filter Sdk	All versions
Autonomy Keyview Viewer Sdk	All versions
Ibm Lotus Notes	Version 6.0.1
Ibm Lotus Notes	Version 6.0.2
Ibm Lotus Notes	Version 6.0.3
Ibm Lotus Notes	Version 6.0.4
Ibm Lotus Notes	Version 6.0.5
Ibm Lotus Notes	Version 6.5.1
Ibm Lotus Notes	Version 6.5.2
Ibm Lotus Notes	Version 6.5.3
Ibm Lotus Notes	Version 6.5.4
Ibm Lotus Notes	Version 6.5
Ibm Lotus Notes	Version 7.0

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (22)

http://secunia.com/advisories/16100

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/16280

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/secunia_research/2005-30/advisory/

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/secunia_research/2005-66/advisory/

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1015657

Source: cve@mitre.org

Patch

http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918

Source: cve@mitre.org

Patch

http://www.osvdb.org/23066

Source: cve@mitre.org

Patch

http://www.securityfocus.com/archive/1/424717/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/16576

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/0500

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/24637

Source: cve@mitre.org

http://secunia.com/advisories/16100

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://secunia.com/advisories/16280

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://secunia.com/secunia_research/2005-30/advisory/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/secunia_research/2005-66/advisory/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1015657

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21229918

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.osvdb.org/23066

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.securityfocus.com/archive/1/424717/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/16576

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/0500

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/24637

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.